I've a code to persist information in cookies about users like UserName and password.
Question is:
Its not secure to store information like that plain text in cookies.My DB store hashed passwords,so i could save those hashs in cookies and retrieve them later,but if i do that i wouldnt be able to fill password's textbox cause the hash string would be too long for it.
I am writing a simple plugin for IE. I need to store a password and username setting for the user who uses the plugin. I know that I can store the username/password in the registry, I can manually encrypt it using the encription classes with .NET, or I can store it in a config file and encrypt the config file. I was wondering if there is a specific pattern/mechanism that I should use to store password and username.
View 1 Replies Is it possible to allow users to login with Email, UserName, Phone or Password. but landing page should only select record by UserNme
LOGIN
protected void OnAuthenticate(object sender, AuthenticateEventArgs e) {
string constr = ConfigurationManager.ConnectionStrings["con"].ConnectionString;
int UserID;
using (SqlConnection con = new SqlConnection(constr)) {
using (SqlCommand cmd = new SqlCommand("Validat_UserTable"))
[Code] ....
I am using ASP.NET Forms Authentication for my application. I have made my Password Format "Clear", so no problems with the password encryption. I need to create a view(in SQL server) to display all Administrators in my System. ie aspnet_Roles.LoweredRoleName='administrator' The fields needed are UserName and Password
View 1 RepliesI need to persist data between pages.I tried using session but the value is not saving.
Should using cookies be a better option? If so give a small example of transfreing and saving data between pages.
I've been trying to add a little Remember Me in my login page and been suffering 2 days with this cookie problem.This is how I set the cookie:
HttpCookie coo = new HttpCookie("test");
URL...how we can sending formatted email now in my Login.aspx page i have Textbox that when users forget their password they should type their Username on the textbox and after that click on send button.I want when users click on send button their user name that they type in textbox be on the email that send to me .
View 1 RepliesI am creating a simple web management studio using SMO. Is it secure enough to persist/store user information (login and password for database) using ASP.NET mechanism (e.g. formsauthentication, cookies, etc.). What will be the best practice to do this?
View 1 RepliesWhen a user that has their IE set to save passwords hits my "Reset Password" form, the first text box set with TextMode set to "Password" is populated with the users saved password. Understandable, this is not the affect I would like as this is their "old" password. I cannot set the text of a text box with mode set to "Password" (naturally). Does someone know how to suppress or clear this value when IE is saving passwords?
View 4 RepliesI had been trying to solve this but there is a hidden key i wish someone point me to.
I had a simple membership database with users in first the Membership Provider configured for clear password to retrieve the original password .
Now a new requirement say that the password must be hashed and reset .
I configure the Membership password to hash , and Implemented the Reset Password Module.
My problem is as follow.
If the user is new registered user with the new configuration the password and the security answer is hashed.
also when I go and reset the password it continue to be hashed.
Now I thought that with new configuration if any previous user with clear text configuration , If he use the password Reset module , because my configuration now is hashed , I expected that the new password and security answer will be hashed . what happen is old user continue in clear text even if the configuration is hashed. so If I had new users everything is fine.
old users Membership Provider somehow know they had been stored in clear text and it keep change password and security answer in clear text . If I delete this user and create it , Membership Provider understand that everything will be hashed. I need to know how it know this , I need to migrate users not to delete and recreate users .
Also if there are no solution for that , I wish Microsoft Consider it in future cause it is a real user scenario, that can happen imagine a business system that related to membership user Id , deleting users and recreate them is not a solution .
It has been a while since I've built an entire ASP.NET web application from the ground up but I'm about to jump in again. I've built many individual pages, controls, web parts, etc. recently, but nothting 'soup to nuts' for a couple of years. My question is in regards to login security control. I do not want to use the built in ASP.NET Memberhip functionality for various reasons and already have custom code that authenticates the user, controls passwords, login attempts, etc. I am really concerned though about how to validate that the user is logged in (and the best way to do it). For instance, right now I use a Base page that all of my .aspx pages inherit from. In the OnInit() method, it executes code which includes:
[Code]....
I set the Session["LoggedIn"] object to "true" after the user has successfully been authenticated at the Login.aspx page. So, when a user attempts to access any page in the application, if that Session object isn't true, they will be redirected (you can't visit any page without being logged in). This all works great, but I'm thinking I need something more and that brings me here. First, do I need more? Is this enough? I was thinking about creating a cookie with a GUID value and the SessionID (both encrypted perhaps?) and adding that to my Base page so it checks both the current Session["LoggedIn"] value
and the values in the cookie.
i want source code about remember my password using cookies concept.
View 4 RepliesI am using ASP.NET profiles with allowAnonymous="true". I am NOT using ASP.NET membership. I recently took a hard look at the aspnetdb database and noticed that although my site gets 600-800 unique visitors daily, there are 4000-5000 "users" being created in the database.
Clearly what is happening here is the users with cookies disabled end up creating a record for every request.
My question: How do I prevent user and profile database records from being created if the client doesn't support cookies or has them disabled?
I want to display client system information like username,ipaddress. I get only the remote address.Let me know how to get the client system information.
View 6 RepliesLooking at the html below, why I can not get the right side of the username and password textboxes to lign up underneath eachother?
[Code]....
I am developing a .net application using Web Services, and the application is consuming them using Spring.Net WebServiceProxyFactory. I need to send to the web service the username and password of the user that is logged in to the application, consuming the web service. Reading some forum post [URL] they seem to refer to an example that used to be in the spring documentation [URL], an example of how using SOAP headers for authentication using the WebServiceExporter and WebServiceProxyFactory, but the link to the file is broken. Do you know a way that I can send the user credentials as a soap header using spring.net? Or any data (for example, a token ID that the web service will use later to get the user credentials).
View 1 RepliesI have created a test user/password on my web site. The intent is to have prospective clients login and try out the tool. Instead of telling them the userid/password of the test user, I'd like to tweak the Login wizard.
In the Load event, I was able to specify login1.UserName = "test user"
But when I try to specify the password, I'm told it is a readonly field. How can I 'force' a specific password? Or, how can I call the login event directly and pass the needed values?
I designed a website, in login page username and password should be encrypted and sent to server for validation. How to do this.
View 5 RepliesI have a root folder college when you type in server/college/science it will ask for the user name and password.
(The usename and password are stored in controlpanel->administartivetools->computermanagement->localusersandgroups->users
userid is Test and password is PWD
Now I addea a folder in college
so when I type in college/english it is not asking me for the user id and password. It is showing the content directly.
How can I make english folder ask for the userrid and pasword stored in users (Test)
public FilePathResult GetFileFromDisk(int id){ var file = dbSample.FileStores.Where(f => f.FileID == id).FirstOrDefault(); string path = Server.MapPath(@"~Images"); string fileName = file.FileUrl;.....
return File(path + fileName, file.MimeType, file.FileName);}hey I have this code for getting file from my server.In some downloader like IDM we have a SiteLogin,we can input usernameand password in your downloader,how can i retrieve from this to check this Username is exists from my database.
I m crating contact reader functionality in my site. for this i have taken class from. from which i m working on tracing input box from yahoo pages. after seaching this text box i'll send value to respective textbox but for searching text box i used one fucntion in which i used one reguler expression for tracing input box.
Here is the function
[Code].....
and here is the page code
[Code]....
so there is anything problem in the regex. so except username and password i m getiing all the input types.
I have a service (WCF) with which my ASP.NET page will communicate. The WCF service has hashed passwords in its data store (a file actually). The WCF service requires the username and the hashed password on every call. Nowm the problem I'm encountering is that if I authenticate the user with forms authentication in ASP.NET, a cookie will be saved in the user's computer after the user is authenticated but I would like to save the username and hashed password too so that the user may able to use the WCF service. Where should this information should be saved so that it is safe and secure? Should I use session variables? If I choose that option that, then should I switch from forms-based authentication and manually authenticate using session variables or use both forms-based autentication for web page access and store the username and hashed password in a session variable? What are the pros and cons of each?
View 2 RepliesHow to autogenerate username and password in createuserwizard vb.net !
I want username as int data type and auto increment as 1000, 1001, 1002 and so on ...
and password for all user in random numbers ... with characters as aA123Sb
in createuserwizard complete step it will show username and password....
how to do in vb.net ?
I want to hide the username and password of the connectionstring. Do I just need to set persistsecurityinfo to false?
View 1 Replieshow to auto login the user like in facebook.
what i mean that if the user ticks remember me then next time he will be auto logged in
